Awake Security Platform Review

Data is displayed in a very easy to read and understandable manner


What is our primary use case?

The tool generates automated alarms to correlate any network activity that we see with some of that more deep packet inspection which Awake provides.

There is currently not a lot of IoT in our environment.

How has it helped my organization?

From a compliance standpoint, we were able to easily identify some security weaknesses built into our systems from an architectural standpoint. We were able to quickly remediate these, e.g., some places encryption was lacking or places where passwords were stored.

This solution help us monitor devices used on our network by insiders, contractors, partners, or suppliers. Its correlation and identification of specific endpoints is very good, especially since we have a large, virtualized environment. It discerns this fairly well. Some of the issues that we have had with other tools is we sometimes are not able to tell the difference between users on some of those virtualized instances. This solution doesn't seem to have an issue because enough data is collected that we can easily tell which users are responsible for the traffic on which systems.

I haven't seen any really false positives from Awake. Everything that I have seen that hasn't been actionable has been either low level stuff or part of the learning that Awake is doing in our environment. These have been some legitimate processes or functions that look bad but are normal in the environment. Therefore, false positives are pretty low in Awake.

What is most valuable?

The portion that I use the most is the Adversarial Modeling trend. This threat graphing is probably the most useful feature that we have right now. It displays the data that Awake collects, displaying it in a very easy to read and understandable manner. This is compared to other tools in this similar space, where I found the learning curve and the ability to understand what those tools were analyzing and reporting difficult because it took a bit more time to learn how they reported. 

The data science capabilities of this solution are good. It provides relative correlations. It seems to be very accurate in its detection based on the data science that it runs. Compared to other tools, it seems to be much easier with its machine learning aspects.

This solution’s encrypted traffic analysis is good. Every time I have needed to retrieve data for decryption, it was available. 

What needs improvement?

Some of the searching capability is a bit hard to use without in-depth knowledge. In one of the earlier versions, there was a tool that helped you build some of your searches and help you correlate your data manually. This seems to have been removed in a later version. That is probably the biggest thing I've noticed.

Be prepared to update your SOPs to have your analysts work in another tool separately. There are some limitations in the integrations right now. One of the things that I want from a security standpoint is integration with multiple tools so I don't need to have my analysts logging into each individual tool. They are working on this at the moment with Splunk and should have something ready in two weeks.

For how long have I used the solution?

I have been using it since August.

What do I think about the stability of the solution?

The stability seems to be fine with no impacts to our network or any of our systems; there has been nothing I have noticed as far as stability-wise with the Awake platform. 

I run the cyber information security team for the entire organization and have oversight on the security operations center (SOC) as well.

What do I think about the scalability of the solution?

For the scalability portion of it, we haven't really looked into that yet. Cloud TAPs and stuff like that will help determine when it is time for us to look into it. From what I can see, the scalability is pretty easy. Awake really provides a roadmap and guide which makes it pretty straightforward.

We are still somewhat in an onboarding phase because we have scaled back, focusing on specifically on Awake. Right now, an analyst and I log in and just review the adversarial model trend to look for any kind of alerts that have been escalated in the last day. Eventually, we will be onboarding it with our SOC and having about four or five additional people monitor that activity.

Currently, we do have a limit on the visibility we have with it, but we are seeing about 95 percent of our network traffic in our primary data center. Therefore, the scope of it is that we have 2,700 employees and approximately 6,000 devices. We don't have any definitive plans to increase usage in the near term. Ideally, we would like the budget requirements to expand into the cloud and get that remaining five percent visibility in our other data centers.

Which solution did I use previously and why did I switch?

We previously had NetMon, which was a product from LogRhythm. First off, there were a lot of hardware issues along with a lot of sizing and scoping constraints provided to us by LogRhythm that just didn't scale. Also, the data enrichment and data science behind it was very low level and not NextGen.

How was the initial setup?

The initial setup was very straightforward. They shipped us the device. They sent us an engineer to work onsite. We already had a network TAP port configured, which they plugged in. Then, the configuration and data normalization was all handled by Awake. There was very little to no effort other than by the Awake engineer who came to our data center.

It took one day to physically deploy and a week for normalization of data. 

What about the implementation team?

We left the implementation strategy up to Awake.

Deployment and maintenance are handled by Awake. Just last week, we received an email saying, "There's an upgrade. When do we have a patching window?" You just provide them the time and they do the update.

What was our ROI?

We have seen ROI. Fortunately, we haven't seen anything really bad from a malicious standpoint. However, some of the visibility Awake gave us into some of those compliance, architecture, and system engineering flaws that we were not previously aware about has let us remediate them.

Which other solutions did I evaluate?

We evaluated Darktrace. We got more valuable data from Awake than we actually got from Darktrace. As far as I'm concerned, Darktrace was a 100 percent false positives after doing Awake. After doing a PoC with Awake, we realized that the entire PoC with Darktrace was completely inaccurate. That was something that Awake showed us within its first week of being in. They said, "Hey, this is what we're seeing. It's half the size of what we expected compared to what Darktrace was telling you." So, I can't even give an accurate statement as to false positives specifically with Darktrace because I think the entire PoC scene was a giant false positive based on terrible data that they didn't recognize was bad.

Awake has really easy of use. It was just far easier to use as far as seeing rich, actionable data than LogRythm. There was less of a learning curve to understand what they were trying to represent. The other thing was I found much fewer false positives in Awake. The data was more accurate, especially during that PoC faze. 

From my opinion of the engineers that I met on each side of the table, Awake had engineers who really knew what they were doing. They were able to identify issues more quickly with the way our appliance was collecting and seeing data. Awake came to us after a week, and said, "We're seeing duplicate data." That was data that Darktrace was trying to charge us double for. Therefore, the technical expertise and understanding from the team seemed much greater at Awake than it did at Darktrace.

I didn't even consider LogRhythm to be on the same level. 

What other advice do I have?

We have not used the functionality for cloud TAPs.

I would rate this solution as a nine (out of 10).

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Awake Security Platform reviews from users
...who compared it with Darktrace
Identify hidden network threats

Your network may have security risks that you don't know about. Schedule a live demo to see how you can use Awake Security to identify and mitigate these threats.

Add a Comment
Guest